Use Restricted Role Documents in FlexOrgs

search cancel

Use Restricted Role Documents in FlexOrgs

book

Article ID: 282748

calendar_today

Updated On:

Products

CloudHealth

Issue/Introduction

A role document defines the permissions granted to a user, thereby determining which Platform features a user has access to.

When you create a new Role Document, you have two options:

Standard Role Document
Restricted Role Document

Standard Role Documents are used to choose which permissions to grant to a user.

Restricted Role Documents are used to choose which permissions should be restricted for a user.

Resolution

Note that Restricted Role Documents can not be used on their own - they must be used in conjunction with a Standard Role Document.

A user’s permissions is the combination of their Role Document permissions (their standard role document) minus the restricted role document permissions. If a user only has a restricted role document assigned, they will not have any permissions to access the CloudHealth platform!

Note: Restricting access will override all permissions. It will deny access even if a user is granted permission within another role document.

You can create a Standard Role Document and only choose the permissions you wish to grant. However, doing it this way means that whenever CloudHealth releases new permissions, you may have to manually edit the Role Document and add in those new permissions.

Using one of the System Defined Role Documents and then a Restricted Role Document to exclude permissions will mean that you won't have to manually include newly released permissions (these are included automatically within System Defined Role Documents).

Feedback

thumb_up Yes

thumb_down No